 This is a NETGATE 4200. We've actually bought several of these, but full disclosure up front, this video is not sponsored by NETGATE. They have no editorial control over this particular video, but they did in January of 2024, send me a NETGATE 4200 that I'm still using in my studio. That's where my review starts, but I'm also gonna talk about why we bought several more, including ones we've deployed at clients as a solution. So the two long didn't watch, does Tom like this device? Yes, I think the NETGATE devices, including the 4200 are great. This is a replacement for the end of sale, but not end of life, 4100, because well, you get these four, two and a half gig ports and a updated processor, although the port configuration is different than the 4100. So we'll be talking about that. It is a passively cool device. It's not noisy. It has been really reliable. And we're gonna talk about all the workload that I have on this device and then offer my opinion, which is, as I said, I think they work pretty good, but let's make sure it's the right device for you. So join me and let's dive into it. Are you an individual or forward thinking company looking for expert assistance with network engineering, storage or virtualization projects? Perhaps you're an internal IT team seeking help to proactively manage, monitor, or secure your systems. We offer comprehensive consulting services tailored to meet your specific project needs. Whether you require fully managed or co-managed IT services, our experienced team is ready to step in and help. We specialize in supporting businesses that need IT administration or IT team seeking an extra layer of support to enhance their operations. To learn more about any of our services, head over to our website and fill out the higher S form at lorenzsystems.com. Let us start crafting the perfect IT solution for you. If you wanna show some extra love for our channel, check out our swag store and affiliate links down below that will lead you to discounts and deals for products and services we've discussed on this channel. With the ad read out of the way, let's get you back to the content that you really came here for. In the box, you get a 4200, a micro USB cable if you'd like to console in, the threaded locking barrel connector power supply that is now common with many other neck gate devices. I really like these. They secure it really, really well. For hardware, we have the Intel Atom 4 core at 2.1 gigahertz. This is a modern CPU that was launched in 2022 and it's also worth noting that it offers about three times the performance of IPSec VPN speed compared to the 4100, which had an Intel Atom C338R model CPU. We have four gigs of low power DDR5, 16 gigs EMMC that is soldered on, but you can put in your own drive or they do have a max model coming soon that'll ship with a 128 gig drive option. We have four distinct ports that can be assigned WAN or LAN and all of them are two and a half gig. And of course, this device is passively cooled. Of note, it also has multicolored blinky lights to give you status updates of what it's doing or if it needs an update that is all listed out in the manual, what those different lights mean. If you decide to use the council cable and this is completely optional, there's nothing you have to do to get this setup. You can get into the BIOS. You can go through, see all the settings, modify the settings and simply save and exit after you make those changes like a normal BIOS setup. Then it'll go through the boot process and this is the first time booting so it has all the default settings. One of the nice things is they've done a great job with the port labeling so there's no question when you look at it either through the council interface or through the actual PF sense web interface that you can figure out what port is what to get things going. This makes it a lot easier. As I said though, they're completely reassignable so you can assign them however you want. As I said earlier, I installed this in January of 2024. It is currently April 12th of 2024 and I'm still using it. So as I said, it's a little bit longer term review and we've taken some and put them in at clients and they are now doing site to site VPNs and functions and working fine. So that wasn't too much in question of whether or not it would work fine but let's talk about long-term use and what I'm using it for not just testing in the lab but what three months of use and well a little over three months and what I'm using it for but let's talk about first the load on it. So I think that matters quite a bit. And I have on here about 74 devices connected right now. This is end top. I've done videos on this inside of PF sense. You'll find my whole PF sense playlist link down below. There's currently 714 flows on this particular interface. The other interfaces have a fewer on them but kind of gives you an idea. So yeah, there's a handful of things. This is my studio. This is my lab. There's also a VPN setup that ties things to the other labs and other sites that I have. So just a good configuration that we can go through here for a production level setup and it's been performing quite well. Now let's go through and talk about each service that I have running on here. ArpWatch. ArpWatch is great. This lets me know when it sends me a notice anytime a new device gets added. The DCP server, I'm using the default one. Gateway monitoring. That's just default out of the box. HA proxy. I only have a handful of services running on HA proxy. As you can see over here it runs my surveillance system, fresh RSS, uptime kuma and my home assistant, flat notes and I was playing with some S3 things on there that's currently not active right now but these I use regularly. So just a handful of services on there. Iperf. It is turned off now, but turning it on doesn't take up that much more memory. We'll get to the memory in a moment. N-top-NG, which we were showing the flows in. OpenVPN. This is a inbound setup for OpenVPN and this is essentially an outbound using PIA. This is my privacy VPN. If I want to, you know, seed some ISOs using torrenting traffic. Then we have PF blocker. I do not use the DNS blocking in here because well, it can be troublesome sometimes. And I'm fine with just using the firewall service for doing G-O-I-P blocking and some of the threat protection. I'm currently using Snort on this. I go back and forth between Snort and Saracada. I've got videos on both, but yes, this is running Snort. SSH has turned on, Syslog and tail scale is on here as well. It's another VPN I'm using right now. The DNS resolver, status, traffic totals, collection daemon and WireGuard VPN. This is my site to site I have with my other labs that I have set up. Running all of this and everything right now is one only taking up about 6% of CPU as we're sitting here and 34% of the four gigs of memory. I see a lot of people talk about wanting to have tons of memory in here. And with the device load I showed earlier on this, it's still only taking up 34% of memory. It just doesn't take a whole lot of memory to run these services on here. Now, I want to dive into the status monitoring and show that the CPU load was at about 1.5% and then you can see the speed at which the VPN is working and this is an offsite backup I was doing. Still only pushed the CPU using WireGuard to about 6%. The limitation here is actually the network speed that I'm locked into, not the actual total maximum throughput of this. I just wanted to highlight though that it doesn't take a whole lot of processor to run any of this. And speaking of processors and load, let's head over here to the Passmark software site to compare the Intel Atom-C1110 that is in the NetGate 4200 versus something that's pretty common in a lot of the generic boxes, the Intel Celeron J4125 at two gigahertz. If you're looking at these from a spec sheet like this right here, you'd say these are relatively evenly matched. We both have four cores. We have a similar clock speed. We have a slightly faster clock speed on the Celeron and we have a CPU mark score that is relatively close. There's a 6% difference in speed, but there's a much bigger difference that I noticed after I had set this up. And that specifically was around the privacy VPN. When you were seeding your ISOs, the torrent traffic over the privacy VPN, when you had a lot going on, all those packets going back and forth over the VPN would start to cause a lot of packet loss. And then of course lots of slowdowns. And the way I fixed that was to limit how many you could seed at once. And that was kind of a fixed, I assumed maybe it was just more packets than that system could handle. But the Atom processor that's in the 4200 solved that. And I mean, this was a export config, import config out of one device and into another. And wow, what a difference. I was able to dramatically increase and not have to worry about it all. It's actually one of my easy load tests because everything from Snort starts getting loaded up as well as the VPN because it's got a tunnel, a pretty large volume of traffic that's going in and out over that particular VPN. And Snort wants to take a look at all the packets and it's a high volume of packets. So it's actually kind of an interesting workload you're putting the system under and it performed quite well. I actually think the 4200 is a great add to the lineup of the NetGate devices. We, as I noted earlier, have bought several of them for clients. We set up some site to site VPNs with WireGuard. Works perfectly fine. It's great for little small offices and things like that or the workload that I have here. One last thing I will note, the EMMC memory that is going to probably be a point of contention with a lot of people. I don't find any reliability problems with it in modern EMMC. I get it if you had something from seven, eight years ago and you're like, hey, that failed on me and that's because memory back then well wasn't as well made as memory today. So even though it's built in, I don't really worry about it with the workload that I'm running. It's also only taking up about one and a half gigs of memory. So no, there's not a lot on there but it also isn't taking up a whole lot either. So that's not causing me any concern but you can add another drive if you want now or later. As I pointed out earlier, also if you're going to be storing a lot of logs I generally don't store them on the drive. I ship them over to a logging server because it's easier to parse. But yeah, if you have some use case that means you want more hard drive space or maybe you're just doing a bunch of packet captures you want to save right to the system that is an option that you have. Love hearing from you. Leave your thoughts and comments down below on this or other videos that I've talked about on a channel. Like and subscribe. Subscribe to my newsletter if you want to keep up with some of the goingsons I put in there for videos I've done and some of the news things that I have some thoughts on that I put in a monthly newsletter. You'll find that over at lorenzsystems.com and I'll see you over in the forums, forums.lorenzsystems.com where we can have a more in-depth discussion about this or any other topic you see on our channel. Thanks.